Configuring TrueSight Infrastructure Management to enable TLS 1.2

You can upgrade the security in your enterprise environment by using TLS 1.2 to communicate with TrueSight Infrastructure Management components. After the installation of TrueSight Infrastructure Management components, you can switch from the default inter-component security configuration to TLS 1.2 configuration.

Before you begin

Ensure to complete the certificate creation and import tasks for the relevant components before you configure TLS 1.2 between them. For more information about how to create and import private certificates, see Implementing-private-certificates-in-TrueSight-Operations-Management.

To configure the TrueSight Infrastructure Management components to enable TLS 1.2

There are different communication channels established between the TrueSight Infrastructure Management components. Perform the TLS configurations per communication channel. Select the communication channel which you want to make TLS compliant and perform the tasks accordingly. The flowchart in the following diagram explains the complete TLS configuration workflow.

To enable TLS 1.2, complete the procedures by navigating the following tabs, or select the procedures from documentation links in the flowchart.

Excerpt named event_flow was not found in document xwiki:IT-Operations-Management.Operations-Management.TrueSight-Operations-Management.tsomd11307.Installing.Securing-communication-among-Infrastructure-Management-components.Configuring-TrueSight-Infrastructure-Management-to-enable-TLS-1-2.Configuring-the-Infrastructure-Management-Server-to-Presentation-Server-communication-to-enable-TLS-1-2.WebHome.

The following sections describe the configuration steps for both the local Integration Service and remote Integration Service in TLS 1.2 mode. Perform the configuration steps based on the type of Integration Service installed:

Step 1: To configure the local Integration Service
Step 2: To configure the remote Integration Service
Step 3: To start the servers

To configure the local Integration Service

Stop the Infrastructure Management Server by running the following command:
pw system stop
Using a text editor, open pronet.conf file located in <Infrastructure Management Server Install directory>\pw\custom\conf directory.
Comment out the instance of the code line having the conntype value as tcp as shown in the following code block:
#pronet.apps.agent.conntype=tcp
Set the conntype value to ssltcp as shown in the following code block:
#Configuration settings to make the Infrastructure Management Server to Local Integration Service TLS 1.2 compliant
pronet.apps.agent.conntype=ssltcp
Note
Modify the file present in the pw\custom\conf directory, if it is a local Integration Service.
Save and close the file.

To configure the remote Integration Service

Stop the Infrastructure Management Server by running the following command:
pw system stop
Using a text editor, open pronet.conf file located in <Infrastructure Management Server Install directory>\pw\custom\conf directory.
Comment out the instance of the code line having the conntype value as tcp as shown in the following code block:
#pronet.apps.agent.conntype=tcp
Set the conntype value to ssltcp as shown in the following code block:
pronet.apps.agent.conntype=ssltcp
Save and close the file.
Logon to the computer where the remote Integration Service is installed, and stop the Integration Service (Unix) by running the following command:
pw is stop
To stop the Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.
1. Double-click the Services icon to launch the Services dialog box.
2. Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Stop.
3. Click Yes to close the warning message that is displayed.
  The status for the Integration Service changes from Started to (blank).
Using a text editor, open pronet.conf file located in <Integration Service Install directory>\agent\custom\conf directory.
Add or update the conntype value to ssltcp as shown in the following code block:
pronet.apps.agent.conntype=ssltcp
Note
Modify the file present in the agent\custom\conf directory, if it is a remote Integration Service.
Save and close the file.

To start the servers

Perform the following set of steps after the configuration changes are completed.

To edit the Integration Service's properties

Log in to the TrueSight console, and access Configuration > Managed Devices. Managed Devices page displays the BMC TrueSight Infrastructure Management components that are displayed in a hierarchical order as shown in the following diagram.
Click the action menu of the Integration Service for which the TLS configurations need to be applied. When the Integration Service is in the disconnected state, the action menu displays the options: Edit, Delete, View, Connect.
Select the Edit option.
The Integration Service properties are displayed. Set the Connection to Infrastructure Management Server property to Direct access using SSL TCP/IP.
Click Save.
Start the Infrastructure Management Server by running the following command:
pw system start
Start the Integration Service (Unix) by running the following command:
pw is start
To start the Integration Service (Microsoft Windows), navigate to Start > Settings > Control Panel.
Double-click the Services icon to launch the Services dialog box.
Locate the BMC TrueSight Infrastructure Management Integration Service on the list of services, highlight, then click Restart.
Click Yes to close the warning message that is displayed.
The status for the Integration Service changes to Started from (blank).
Note
The Integration Service restart is applicable only to the remote Integration Service. The local Integration Service is restarted automatically along with the Infrastructure Management Server.

The following section guides you to configure the Integration Service to Cell communication in TLS 1.2. Choose the appropriate configuration steps based on the type (local / remote) of the Integration Service and the cell used.

Step 1: To configure the local Integration Service
Step 2: To configure the remote Integration Service
Step 3: To configure the local Cell
Step 4: To configure the remote Cell
Step 5: To start the servers

To configure the local Integration Service

Failed to execute the [excerpt-include] macro. Cause: [Error number 2 in 0: No wiki with id [confluencePage:page] could be found]. Click on this message for details.

org.xwiki.rendering.macro.MacroExecutionException: Failed to get document for reference [confluencePage:page:tsomd113._InclCont]
at com.xwiki.macros.excerptinclude.internal.macro.ExcerptIncludeMacro.internalExecute(ExcerptIncludeMacro.java:130)
at productHelper.macros.BmcExcerptIncludeMacro.internalExecute(BmcExcerptIncludeMacro.java:27)
at productHelper.macros.BmcExcerptIncludeMacro.internalExecute(BmcExcerptIncludeMacro.java:18)
at com.xwiki.macros.AbstractProMacro.execute(AbstractProMacro.java:116)
at org.xwiki.rendering.internal.transformation.macro.MacroTransformation.transform(MacroTransformation.java:441)
at org.xwiki.rendering.internal.transformation.DefaultRenderingContext.transformInContext(DefaultRenderingContext.java:183)
at org.xwiki.rendering.internal.transformation.DefaultTransformationManager.performTransformations(DefaultTransformationManager.java:88)
at org.xwiki.display.internal.DocumentContentAsyncExecutor.executeInCurrentExecutionContext(DocumentContentAsyncExecutor.java:396)
at org.xwiki.display.internal.DocumentContentAsyncExecutor.executeInIsolatedExecutionContext(DocumentContentAsyncExecutor.java:365)
at org.xwiki.display.internal.DocumentContentAsyncExecutor.execute(DocumentContentAsyncExecutor.java:267)
at org.xwiki.display.internal.DocumentContentAsyncRenderer.execute(DocumentContentAsyncRenderer.java:112)
at org.xwiki.rendering.async.internal.block.AbstractBlockAsyncRenderer.render(AbstractBlockAsyncRenderer.java:157)
at org.xwiki.rendering.async.internal.block.AbstractBlockAsyncRenderer.render(AbstractBlockAsyncRenderer.java:54)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:290)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:267)
at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.execute(DefaultBlockAsyncRendererExecutor.java:125)
at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:67)
at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:43)
at com.xwiki.macros.excerptinclude.internal.macro.ExcerptIncludeMacro.getExcerptFromXDOM(ExcerptIncludeMacro.java:233)
at com.xwiki.macros.excerptinclude.internal.macro.ExcerptIncludeMacro.getExcerptFromXDOM(ExcerptIncludeMacro.java:245)
at com.xwiki.macros.excerptinclude.internal.macro.ExcerptIncludeMacro.getExcerptFromXDOM(ExcerptIncludeMacro.java:245)
at com.xwiki.macros.excerptinclude.internal.macro.ExcerptIncludeMacro.getExcerptFromXDOM(ExcerptIncludeMacro.java:245)
at com.xwiki.macros.excerptinclude.internal.macro.ExcerptIncludeMacro.getExcerpt(ExcerptIncludeMacro.java:175)
at com.xwiki.macros.excerptinclude.internal.macro.ExcerptIncludeMacro.internalExecute(ExcerptIncludeMacro.java:142)
at productHelper.macros.BmcExcerptIncludeMacro.internalExecute(BmcExcerptIncludeMacro.java:27)
at productHelper.macros.BmcExcerptIncludeMacro.internalExecute(BmcExcerptIncludeMacro.java:18)
at com.xwiki.macros.AbstractProMacro.execute(AbstractProMacro.java:116)
at org.xwiki.rendering.internal.transformation.macro.MacroTransformation.transform(MacroTransformation.java:441)
at org.xwiki.rendering.internal.transformation.DefaultRenderingContext.transformInContext(DefaultRenderingContext.java:183)
at org.xwiki.rendering.internal.transformation.DefaultTransformationManager.performTransformations(DefaultTransformationManager.java:88)
at org.xwiki.display.internal.DocumentContentAsyncExecutor.executeInCurrentExecutionContext(DocumentContentAsyncExecutor.java:396)
at org.xwiki.display.internal.DocumentContentAsyncExecutor.execute(DocumentContentAsyncExecutor.java:269)
at org.xwiki.display.internal.DocumentContentAsyncRenderer.execute(DocumentContentAsyncRenderer.java:112)
at org.xwiki.rendering.async.internal.block.AbstractBlockAsyncRenderer.render(AbstractBlockAsyncRenderer.java:157)
at org.xwiki.rendering.async.internal.block.AbstractBlockAsyncRenderer.render(AbstractBlockAsyncRenderer.java:54)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:290)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:267)
at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.execute(DefaultBlockAsyncRendererExecutor.java:125)
at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:67)
at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:43)
at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:96)
at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:39)
at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:123)
at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:52)
at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:68)
at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:42)
at com.xpn.xwiki.doc.XWikiDocument.display(XWikiDocument.java:1412)
at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:1548)
at com.xpn.xwiki.doc.XWikiDocument.displayDocument(XWikiDocument.java:1498)
at com.xpn.xwiki.doc.XWikiDocument.displayDocument(XWikiDocument.java:1467)
at com.xpn.xwiki.api.Document.displayDocument(Document.java:788)
at jdk.internal.reflect.GeneratedMethodAccessor545.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:571)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:554)
at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:221)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:368)
at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:704)
at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:75)
at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:242)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:439)
at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:190)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.xwiki.velocity.internal.directive.TryCatchDirective.render(TryCatchDirective.java:86)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:304)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:439)
at org.apache.velocity.Template.merge(Template.java:358)
at org.apache.velocity.Template.merge(Template.java:262)
at org.xwiki.velocity.internal.InternalVelocityEngine.evaluate(InternalVelocityEngine.java:225)
at com.xpn.xwiki.internal.template.VelocityTemplateEvaluator.evaluateContent(VelocityTemplateEvaluator.java:105)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.evaluateContent(TemplateAsyncRenderer.java:219)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.renderVelocity(TemplateAsyncRenderer.java:174)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:135)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:54)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.lambda$syncRender$0(DefaultAsyncRendererExecutor.java:284)
at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:284)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:267)
at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.render(DefaultBlockAsyncRendererExecutor.java:154)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:906)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:868)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:855)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderNoException(InternalTemplateManager.java:810)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderNoException(InternalTemplateManager.java:802)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.renderNoException(DefaultTemplateManager.java:79)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.renderNoException(DefaultTemplateManager.java:73)
at org.xwiki.template.script.TemplateScriptService.render(TemplateScriptService.java:54)
at jdk.internal.reflect.GeneratedMethodAccessor7108.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:571)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:554)
at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:221)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:368)
at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:492)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:218)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:331)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:261)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:304)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:439)
at org.apache.velocity.Template.merge(Template.java:358)
at org.apache.velocity.Template.merge(Template.java:262)
at org.xwiki.velocity.internal.InternalVelocityEngine.evaluate(InternalVelocityEngine.java:225)
at com.xpn.xwiki.internal.template.VelocityTemplateEvaluator.evaluateContent(VelocityTemplateEvaluator.java:105)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.evaluateContent(TemplateAsyncRenderer.java:219)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.renderVelocity(TemplateAsyncRenderer.java:174)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:135)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:54)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.lambda$syncRender$0(DefaultAsyncRendererExecutor.java:284)
at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:284)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:267)
at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.render(DefaultBlockAsyncRendererExecutor.java:154)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:906)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:868)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:855)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderNoException(InternalTemplateManager.java:810)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderNoException(InternalTemplateManager.java:802)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.renderNoException(DefaultTemplateManager.java:79)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.renderNoException(DefaultTemplateManager.java:73)
at org.xwiki.template.script.TemplateScriptService.render(TemplateScriptService.java:54)
at jdk.internal.reflect.GeneratedMethodAccessor7108.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:571)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:554)
at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:221)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:368)
at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:492)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:218)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:331)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:261)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:304)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:171)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:439)
at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:190)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:147)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:439)
at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:190)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:439)
at org.apache.velocity.Template.merge(Template.java:358)
at org.apache.velocity.Template.merge(Template.java:262)
at org.xwiki.velocity.internal.InternalVelocityEngine.evaluate(InternalVelocityEngine.java:225)
at com.xpn.xwiki.internal.template.VelocityTemplateEvaluator.evaluateContent(VelocityTemplateEvaluator.java:105)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.evaluateContent(TemplateAsyncRenderer.java:219)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.renderVelocity(TemplateAsyncRenderer.java:174)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:135)
at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:54)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.lambda$syncRender$0(DefaultAsyncRendererExecutor.java:284)
at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:284)
at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:267)
at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.render(DefaultBlockAsyncRendererExecutor.java:154)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:906)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:868)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:848)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:834)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:91)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:85)
at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2564)
at com.xpn.xwiki.web.Utils.parseTemplate(Utils.java:180)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:651)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:339)
at com.xpn.xwiki.web.LegacyActionServlet.service(LegacyActionServlet.java:108)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:122)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:132)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:710)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:457)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:384)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312)
at com.xpn.xwiki.web.XWikiAction.redirectSpaceURLs(XWikiAction.java:1171)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:509)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:339)
at com.xpn.xwiki.web.LegacyActionServlet.service(LegacyActionServlet.java:108)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:122)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:132)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:354)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1684)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: com.xpn.xwiki.XWikiException: Error number 3202 in 3: Exception while reading document [confluencePage:page:tsomd113._InclCont()]
at com.xpn.xwiki.store.XWikiHibernateStore.loadXWikiDoc(XWikiHibernateStore.java:1233)
at com.xpn.xwiki.store.XWikiCacheStore.loadXWikiDoc(XWikiCacheStore.java:399)
at com.xpn.xwiki.XWiki.getDocument(XWiki.java:2195)
at com.xpn.xwiki.XWiki.getDocument(XWiki.java:2257)
at com.xwiki.macros.excerptinclude.internal.macro.ExcerptIncludeMacro.internalExecute(ExcerptIncludeMacro.java:128)
... 240 more
Caused by: com.xpn.xwiki.XWikiException: Error number 2 in 0: No wiki with id [confluencePage:page] could be found
at com.xpn.xwiki.internal.store.hibernate.HibernateStore.beginTransaction(HibernateStore.java:854)
at com.xpn.xwiki.store.XWikiHibernateBaseStore.beginTransaction(XWikiHibernateBaseStore.java:576)
at com.xpn.xwiki.store.XWikiHibernateStore.loadXWikiDoc(XWikiHibernateStore.java:1082)
... 244 more

To configure the remote Integration Service

Failed to execute the [excerpt-include] macro. Cause: [Error number 2 in 0: No wiki with id [confluencePage:page] could be found]. Click on this message for details.

To configure the local Cell

Failed to execute the [excerpt-include] macro. Cause: [Error number 2 in 0: No wiki with id [confluencePage:page] could be found]. Click on this message for details.

To configure the remote Cell

Failed to execute the [excerpt-include] macro. Cause: [Error number 2 in 0: No wiki with id [confluencePage:page] could be found]. Click on this message for details.

To start the servers

Failed to execute the [excerpt-include] macro. Cause: [Error number 2 in 0: No wiki with id [confluencePage:page] could be found]. Click on this message for details.

Perform the following steps to configure the Infrastructure Management Server to Oracle database communication to enable TLS 1.2 mode:

To configure the Infrastructure Management Server to Oracle database communication to enable TLS 1.2

Perform the following steps to enable the Infrastructure Management Server to Oracle database communication in TLS mode:

Notes

Ensure that the Oracle database is configured in TLS 1.2 mode, and then configure the Infrastructure Management server in TLS 1.2 mode as explained in the following section.
Oracle database version 11G is TLS 1.0 compliant.
Oracle database version 12.1.0.2 and 19c are TLS 1.2 compliant.
If the Infrastructure Management server is configured in the high-availability mode, first perform the following sequence of steps on the primary Infrastructure Management server, and then on the secondary Infrastructure Management server.

Stop the Infrastructure Management Server by running the following command:
pw system stop
Go to the <Infrastructure Management Server Install Directory>\pw\pronto\conf directory, and add COMDefine oracle.jdbc.autoCommitSpecCompliant=false in the pnagentcntl.conf file.
Go to the <Infrastructure Management Server Install Directory>\pw\pronto\bin directory, and run the switchTLSMode.pl script as shown in the following code block:
#Syntax
perl switchTLSMode.pl -<on/off> -flow <communication channel> -dbport <Oracle Database port> -dbver <Oracle Database version>

#Example
perl switchTLSMode.pl -on -flow oracle -dbport 2484 -dbver 19C
Parameter description
The following notes describe the key parameters used in the preceding command:
- -on/off: on option enables TLS mode of communication. off option disables TLS mode of communication and enables the default tcp/ssl mode of communication.
- -flow: This variable can have two options: event_and_data, and oracle. If flow is set to oracle, the communication between the Infrastructure Management Server and the Oracle database is TLS 1.2 enabled.
- -dbport: Specify the port number that is configured for the Oracle database communication.
- -dbver: Specify the Oracle database version. There are two compatible Oracle database versions: 12C, 19C
Open the pronet.conf file in the <Infrastructure Management Server Install directory>\pw\custom\conf directory, and verify that the configuration parameters are set as shown in the following code block:
pronet.api.database.portnum=2484
#Configuration settings to make TLS compliant
pronet.api.database.conntype=ssl
Verify that the latest oracle JDBC driver ojdbc8.jar is copied in the <Infrastructure Management Server Install directory>\pw\apps3rdparty\jdbc directory.
Run the following command to verify if the Infrastructure Management server is able to establish a connection with Oracle database in TLS mode:
#Microsoft Windows
<Infrastructure Management Server Install directory>\pw\pronto\bin\runjava api.database.DbUpCheck

#Linux
<Infrastructure Management Server Install directory>/pw/pronto/bin/runjava api.database.DbUpCheck

#Example output
INFO 06/08 21:14:34 Library 600002 Setting SSL properties for Oracle database connection
success
Start the Infrastructure Management Server by running the following command:
pw system start
Run the following command to verify if the Infrastructure Management server is able to establish a connection with Oracle database:
pw p l

#Example Output
BMC TrueSight Infrastructure Management Command Line Interface 2020 version 11.3.04

Copyright
1997-2020 BMC Software, Inc. as an unpublished work. All rights reserved.

Servers/Daemon Processes
------------------------
services   15788
httpd    9024
jserver    9812
pronet_agent   12860
pronet_cntl   13364
tunnelproxy   14352
rate   10292
Oracle
Running on test-bmc-setup:2484
mcell    1788
After restarting, the Infrastructure Management server status must be displayed as connected in the associated Presentation Server.

To upgrade the Infrastructure Management server that communicates with the Oracle database in TLS mode

To upgrade the Infrastructure Management server that communicates with the Oracle database in TLS mode, perform the following sequence of steps:

Disable TLS communication between Infrastructure Management server to Oracle database. For detailed instructions, see Rolling-back-to-SSL-configuration.
Upgrade the Infrastructure Management server. For detailed instructions, see Upgrading the Infrastructure Management Server.
Enable TLS communication between Infrastructure Management server to Oracle database.

By default, the PATROL Agent communicates using either Transmission Control Protocol (TCP) or Secure Sockets Layer (SSL) protocol, but you can configure PATROL Agents to enable TLS 1.2 mode.

The following process workflow guides you to configure the PATROL Agent to Integration Service communication to be TLS compliant:

Ensure that the signed certificates are generated for the Integration Service and imported into the PATROL Agent's client DB certificate store.
To generate signed certificates for the Integration Service, see Implementing-private-certificates-in-the-Integration-Service.
Ensure that the PATROL Agent and the TrueSight Integration Service are running at the same security level.
- To change the PATROL Agent's security level, see Changing the PATROL Agent's security level.
- To change the Integration Service's security level, see Changing the Integration Service's security level.
Configure the PATROL Agent to Integration Service communication to enable TLS mode.
- Run the set_unset_tls command in the PATROL Agent
- Run the set_unset_tls_is command in the Integration Service
  For details, see Configuring-the-PATROL-Agent-to-Integration-Service-communication-to-enable-TLS-1-2.
Update the PATROL Agent's registry files.
For details, see Updating the PATROL Agent registry files.
Update the Integration Service's registry files.
For details, see Updating the Integration Service registry files.

By default, the PATROL Agent communicates with Integration Service in TLS 1.2 mode.

The following workflow guides you to upgrade the PATROL Agent to 22.3.01, which enables the communication between PATROL Agent and Integration Service to be TLS compliant by default.

Ensure that the Integration Service is configured in TLS mode and is at security level 2. Please refer page TLS
By default the PATROL Agent and Integration Service uses the BMC Self Signed certificates shipped during the installation process.
Location of default certificates on PATROL Agent:
Windows -
%{/BMC/INSTBASE}\common\security\config_v3.0\demo_certs\nss\demo_client`
%{/BMC/INSTBASE}\common\security\config_v3.0\demo_certs\nss\demo_server
Unix –
%{/BMC/INSTBASE}/common/security/config_v3.0/demo_certs/nss/demo_client
%{/BMC/INSTBASE}/security/config_v3.0/demo_certs/nss/demo_server
Integration Service –
Windows -
%{/BMC/INSTBASE}\TrueSight\pw\patrol\common\security\config_v3.0\demo_certs\nss\demo_client
%{/BMC/INSTBASE}\TrueSight\pw\patrol\common\security\config_v3.0\demo_certs\nss\demo_server
Unix –
%{/BMC/INSTBASE}/TrueSight/pw/patrol/common/security/config_v3.0/demo_certs/nss/demo_client
%{/BMC/INSTBASE}/TrueSight/pw/patrol/common/security/config_v3.0/demo_certs/nss/demo_server
In case user want to implement private certificates ensure that the signed certificates are generated for the Integration Service and imported into the PATROL Agent's client DB certificate store.
To generate signed certificates for the Integration Service, see Implementing private certificates in the Integration Service.
By default PATROL Agent uses “No Certificate Validation” option for the communication. If customer wants to implement “Certificate validation” option post installation they can execute following commands.

Windows -

1. Stop PATROL Agent
2. cd under “%{/BMC/INSTBASE}\common\security\config_v3.0”
3. set_unset_tls.cmd “%{/BMC/INSTBASE}” UNSET_TLS 2
4. set_unset_tls.cmd “%{/BMC/INSTBASE}” SET_TLS 2 -serverDbPath %{/BMC/INSTBASE}\common\security\config_v3.0\demo_certs\nss\demo_server -clientDbPath %{/BMC/INSTBASE}\common\security\config_v3.0\demo_certs\nss\demo_client -identity "PatrolServer - BMC"
5. Restart the PATROL Agent

Unix –

1. Stop PATROL Agent
2. cd under “%{/BMC/INSTBASE}/common/security/config_v3.0”
3. set_unset_tls.sh “%{/BMC/INSTBASE}” UNSET_TLS 2
4. set_unset_tls.sh “%{/BMC/INSTBASE}” SET_TLS 2 -serverDbPath %{/BMC/INSTBASE}/common/security/config_v3.0/demo_certs/nss/demo_server -clientDbPath %{/BMC/INSTBASE}/common/security/config_v3.0/demo_certs/nss/demo_client -identity "PatrolServer - BMC"
5. Restart the PATROL Agent

Perform the following steps to enable the Infrastructure Management Server to BMC Impact Integration Web Services (IIWS) communication to be TLS compliant:

Step 1: To configure the Infrastructure Management Server
Step 2: To configure the BMC Impact Integration Web Services server
Step 3: To start the servers

To configure the Infrastructure Management Server

Failed to execute the [excerpt-include] macro. Cause: [Error number 2 in 0: No wiki with id [confluencePage:page] could be found]. Click on this message for details.

To configure the BMC Impact Integration Web Services server

Failed to execute the [excerpt-include] macro. Cause: [Error number 2 in 0: No wiki with id [confluencePage:page] could be found]. Click on this message for details.

To start the servers

Failed to execute the [excerpt-include] macro. Cause: [Error number 2 in 0: No wiki with id [confluencePage:page] could be found]. Click on this message for details.

Perform the following steps to enable the Infrastructure Management server main cell to Reporting engine communication to be TLS compliant:

Step 1:To configure the Infrastructure Management server cell component
Step 2:To configure the Reporting Engine component

Note

If the Reporting Engine is in TLS mode, it cannot communicate with any of the remote cells or Infrastructure Management server cells operating in Non-TLS mode.

	Infrastructure Management server cells in TLS mode	Infrastructure Management server cells in Non-TLS mode	Remote cellsin TLS mode	Remote cells in Non-TLS mode
Reporting Engine in TLS mode	✅️	❌️	✅️	❌️

To configure the Infrastructure Management server cell component

Using a text editor, open the mcell.dir file on the BMC TrueSight Infrastructure Management Server host computer. The file is located in the <Infrastructure Management server Install Directory>\pw\server\etc directory.
Check for the instance of the code line having encryption key value as shown in the following code block:
gateway.reportengine bpre.<fullyQualifiedHostName> <encryptionKey> <fullyQualifiedHostName>:<3783>
#Example
gateway.reportengine bpre.vs-pun-tsim-bp03.bmc.com mc vs-pun-tsim-bp03.bmc.com:3783
Modify the existing value of encryption key to *TLS as shown in the following example:
gateway.reportengine bpre.vs-pun-tsim-bp03.bmc.com *TLS vs-pun-tsim-bp03.bmc.com:3783
Save and close the file.
Reload the mcell.dir file by entering the following command from a command line:
#Syntax
mcontrol -n cellName reload dir
#Example
mcontrol -n pncell_vm-w23-rds1016 reload dir
Note
pncell_vm-w23-rds1016 is the name of the cell.

To configure the Report Engine component

Navigate to the reportsCLI directory by running the following command:
# Microsoft Windows operating system
CurrentDirectory>cd <TrueSight Operations Management Reporting Install directory>\bin\reportsCLI
# Unix operating system
$cd <TrueSight Operations Management Reporting Install directory>/bin/reportsCLI
Initiate the configuration settings by running the following command:
#Syntax
tls_config init -truststore <truststore file> -truststorepassword <truststore password> [-keystore <keystore file> -keystorepassword <keystore password>][-SqlAnywhereCert <trust certificate path>]
#Example
tls_config init -truststore cacerts -truststorepassword <truststore password> -keystore cacerts -keystorepassword <keystore password> -SqlAnywhereCert <BMC TrueSight Operations Management Report Engine Install Directory>\ReportEngine\tools\jre\bin
When you run the tls_config script, you are prompted to confirm the restart of the Reporting Engine. The TLS configurations are applied only when the Reporting Engine restarts.
Parameter description
The following notes describe the key parameters used in the preceding command:
- cacerts: Name of the keystore and truststore file of the Report Engine.
- <truststore password>: Password for the keystore/truststore. changeit is the default password for the cacerts keystore. If you have changed this password, use the current password.
- <BMC TrueSight Operations Management Report Engine Install Directory>\ReportEngine\tools\jre\bin: The directory path where the cacerts truststore file is located.
Enable the TLS configuration by running the following command:
tls_config enable -component cell

Perform the following steps to configure the Infrastructure Management server to Publishing Server communication to enable TLS 1.2 mode:

To configure the Infrastructure Management server

Perform the following steps to enable the Infrastructure Management server to Publishing Server communication to be TLS compliant:

Stop the Infrastructure Management Server by running the following command:
pw system stop
Using a text editor, open the pronet.conf located in the <Infrastructure Management Server Install Directory>\pw\custom\conf directory.
Add the following properties in pronet.conf as shown in the following code block:
pronet.jms.passwd.file=pronto/conf/.ks_pass
pronet.apps.ipc.ssl.context.pserver.truststore.filename=messagebroker.ts
pronet.apps.ipc.ssl.context.pserver.keystore.filename=pnserver.ks
pronet.apps.ipc.ssl.context.pserver.enabledsuites=TLS_RSA_WITH_AES_128_CBC_SHA256
pronet.apps.ipc.ssl.context.pserver.keystore.passwdfile=pronto/conf/.ks_pass
Using a text editor, open the mcell.dir located in the <Infrastructure Management Server Install Directory>\pw\server\etc directory.
Comment out any existing instances of the code lines having encryption key value as mc as shown in the following code block:
#Type                            <name>             encryption key                <host>/<port>
#cell                      pncell_hostname         mc                pncell_hostname.bmc.com:1828
#gateway.imcomm              gw_ps_pncell_hostname       mc                    hostname.bmc.com:1839
Add the code lines to set the encryption key value to *TLS as shown in the following code block:
#Type                            <name>             encryption key               <host>/<port>
cell                      pncell_hostname        *TLS            pncell_hostname.bmc.com:1828
gateway.imcomm              gw_ps_pncell_hostname       *TLS                    hostname.bmc.com:1839
Save and close the file.
Using a text editor, open the smmgr.conf located in the <Infrastructure Management Server Install Directory>\pw\server\etc directory.
Comment out any existing instance of the code line having ServerTransportProtocol value as tcp as shown in the following code block:
#ServerTransportProtocol=tcp
Add the code lines to set the ServerTransportProtocol value to tls, and server certificate file name and key values as shown in the following code block:
ServerTransportProtocol=tls
ServerCertificateFileName=mcell.crt
ServerPrivateKeyFileName=mcell.key
Notemcell.crt and mcell.key are the names of the cell key and the certificate. If the cell certificate and key names in your Infrastructure Management server are different then use the relevant names in the preceding settings. For more information about how to create cell key and certificate, see Implementing-private-certificates-in-the-TrueSight-Infrastructure-Management.
Save and close the file.
Start the Infrastructure Management Server by running the following command:
pw system start

Where to go from here

Securing-communication-among-Infrastructure-Management-components

Configuring TrueSight Infrastructure Management to enable TLS 1.2

Before you begin

To configure the TrueSight Infrastructure Management components to enable TLS 1.2

To configure the local Integration Service

To configure the remote Integration Service

To start the servers

To edit the Integration Service's properties

To configure the local Integration Service

To configure the remote Integration Service

To configure the local Cell

To configure the remote Cell

To start the servers

To configure the Infrastructure Management Server to Oracle database communication to enable TLS 1.2

To configure the Infrastructure Management Server

To configure the BMC Impact Integration Web Services server

To start the servers

To configure the Infrastructure Management server cell component

To configure the Report Engine component

To configure the Infrastructure Management server

Where to go from here

On this page